Merge branch 'main' into task/remove-broad-iam-pass-role-permission/C…

…DD-2383
UKHSA-Internal · Jan 7, 2025 · 307c3c1 · 307c3c1
2 parents cba4b22 + f4b9adf
commit 307c3c1
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 9 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @UKHSA-Internal/data-dashboard-engineers
diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml
@@ -102,6 +102,7 @@ jobs:
           aws-region: ${{ env.AWS_REGION }}
           tools-account-role: ${{ secrets.UHD_TERRAFORM_IAM_ROLE }}
 
+      - uses: ./.github/actions/setup-terraform
       - uses: ./.github/actions/setup-zsh
 
       - name: Terraform output

diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -193,6 +193,7 @@ jobs:
           aws-region: ${{ env.AWS_REGION }}
           tools-account-role: ${{ secrets.UHD_TERRAFORM_IAM_ROLE }}
 
+      - uses: ./.github/actions/setup-terraform
       - uses: ./.github/actions/setup-zsh
       - uses: ./.github/actions/short-sha
 

diff --git a/.github/workflows/well-known-environment.yml b/.github/workflows/well-known-environment.yml
@@ -126,6 +126,7 @@ jobs:
           aws-region: ${{ env.AWS_REGION }}
           tools-account-role: ${{ secrets.UHD_TERRAFORM_IAM_ROLE }}
 
+      - uses: ./.github/actions/setup-terraform
       - uses: ./.github/actions/setup-zsh
       - uses: ./.github/actions/well-known-environment-name
         with:

diff --git a/terraform/20-app/aurora-db.app.tf b/terraform/20-app/aurora-db.app.tf
@@ -14,11 +14,12 @@ module "aurora_db_app" {
   database_name               = "cms"
   master_username             = "api_user"
 
-  monitoring_interval = 0
-  apply_immediately   = true
-  skip_final_snapshot = true
-  publicly_accessible = local.enable_public_db
-  deletion_protection = local.use_prod_sizing
+  monitoring_interval             = 0
+  apply_immediately               = true
+  skip_final_snapshot             = true
+  publicly_accessible             = local.enable_public_db
+  deletion_protection             = local.use_prod_sizing
+  enabled_cloudwatch_logs_exports = ["postgresql"]
 
   instance_class = "db.serverless"
   serverlessv2_scaling_configuration = {

diff --git a/terraform/20-app/aurora-db.feature-flags.tf b/terraform/20-app/aurora-db.feature-flags.tf
@@ -9,14 +9,16 @@ module "aurora_db_feature_flags" {
   storage_encrypted = true
 
   publicly_accessible = true
+  deletion_protection = local.use_prod_sizing
 
   manage_master_user_password = true
   database_name               = "unleash"
   master_username             = "unleash_user"
 
-  monitoring_interval = 60
-  apply_immediately   = true
-  skip_final_snapshot = true
+  monitoring_interval             = 60
+  apply_immediately               = true
+  skip_final_snapshot             = true
+  enabled_cloudwatch_logs_exports = ["postgresql"]
 
   instance_class = "db.serverless"
   serverlessv2_scaling_configuration = {

diff --git a/terraform/20-app/ip-allow-lists.tf b/terraform/20-app/ip-allow-lists.tf
@@ -13,7 +13,7 @@ locals {
       "35.179.30.107/32",   # UKHSA test EC2
       "18.133.111.70/32",   # UKHSA test gateway
       "81.108.89.51/32",    # Krishna - Macbook
-      "165.225.197.26/32",  # Krishna - Windows
+      "147.161.236.99/32",  # Krishna - Windows
       "80.7.227.61/32",     # Kiran
       "92.234.44.48/32",    # Zesh
       "51.241.222.137/32",  # Temitope Akinsoto